Page MenuHomePhabricator

OAuth broken in MW 1.35 bundle
Closed, ResolvedPublic

Description

Steps to reproduce:

  • download https://github.com/wmde/wikibase-docker
  • replace wikibase/wikibase:1.34-bundle with wikibase/wikibase:1.35-bundle in docker-compose.yml
  • run docker-compose up -d
  • docker-compose logs wikibase

Does not happen with 1.34-bundle

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald Transcript

This is a bug in oauth extension itself.

Change 657064 had a related patch set uploaded (by Ladsgroup; owner: Ladsgroup):
[mediawiki/extensions/OAuth@master] Add oauthVersion to createOAuthConsumer.php

https://gerrit.wikimedia.org/r/657064

Change 656924 had a related patch set uploaded (by Ladsgroup; owner: Ladsgroup):
[mediawiki/extensions/OAuth@REL1_35] Add oauthVersion to createOAuthConsumer.php

https://gerrit.wikimedia.org/r/656924

Change 656924 merged by jenkins-bot:
[mediawiki/extensions/OAuth@REL1_35] Add oauthVersion to createOAuthConsumer.php

https://gerrit.wikimedia.org/r/656924

Change 657064 merged by jenkins-bot:
[mediawiki/extensions/OAuth@master] Add oauthVersion to createOAuthConsumer.php

https://gerrit.wikimedia.org/r/657064

Props for the fast response!

I just tried the latest version and am now getting an error for a different field:

php /var/www/html/extensions/OAuth/maintenance/createOAuthConsumer.php --approve --callbackUrl http://localhost:9191/api.php --callbackIsPrefix true --user AdminUser --name QuickStatements --description QuickStatements --version 1.0.1 --grants createeditmovepage --grants editpage --grants highvolume --jsonOnSuccess

MWException from line 343 of /var/www/html/extensions/OAuth/src/Backend/MWOAuthDAO.php: MediaWiki\Extensions\OAuth\Backend\OAuth1Consumer requires 'oauth2IsConfidential' field.

Change 657305 had a related patch set uploaded (by Ladsgroup; owner: Ladsgroup):
[mediawiki/extensions/OAuth@master] Add two more required fields to createOAuthConsumer.php

https://gerrit.wikimedia.org/r/657305

Change 657656 had a related patch set uploaded (by Ladsgroup; owner: Ladsgroup):
[mediawiki/extensions/OAuth@REL1_35] Add two more required fields to createOAuthConsumer.php

https://gerrit.wikimedia.org/r/657656

Change 657305 merged by jenkins-bot:
[mediawiki/extensions/OAuth@master] Add two more required fields to createOAuthConsumer.php

https://gerrit.wikimedia.org/r/657305

Change 657656 merged by jenkins-bot:
[mediawiki/extensions/OAuth@REL1_35] Add two more required fields to createOAuthConsumer.php

https://gerrit.wikimedia.org/r/657656

After the latest fix the extensions/OAuth/maintenance/createOAuthConsumer.php script is running without error.

Now when I go to the quickstatements UI and click login I get

<b>Fatal error</b>:  Uncaught Exception: Error retrieving token1: {&amp;quot;error&amp;quot;:&amp;quot;mwoauth-callback-not-oob-or-prefix&amp;quot;,&amp;quot;message&amp;quot;:&amp;quot;oauth_callback must be set, and must be set to \&amp;quot;oob\&amp;quot; (case-sensitive), or the configured callback must be a prefix of the supplied callback.&amp;quot;,&amp;quot;callback&amp;quot;:&amp;quot;api.php&amp;quot;} in /var/www/html/magnustools/public_html/php/oauth.php:284
Stack trace:
#0 /var/www/html/quickstatements/public_html/api.php(89): MW_OAuth-&gt;doAuthorizationRedirect('api.php')
#1 {main}
  thrown in <b>/var/www/html/magnustools/public_html/php/oauth.php</b> on line <b>284</b><br />

This seems to be coming from the MWOAuthServer class in the OAuth extension.

Looks like this is a QuickStatement issue that is already tracked: https://github.com/magnusmanske/quickstatements/pull/1